Breadcrumbs – Page 2 – PossibleThreat Articles

Ten Years Later, New Clues in the Target Breach

December 14, 2023 0 Comments 74957809554, A Little Sunshine, bothunter, Breadcrumbs, chronopay, ika, jsc hot spot, lev tolstoy, megaplan, mikhail borisovich shefel, mikhail lenin, mikhail shefel, pavel vrublevsky, pustota, r-fac1, target breach, v.zhabukin@freefrog-co-ru, vasily borisovich zhabykin, vera vrublevsky, zaxvatmira@gmail.com

Credit to Author: BrianKrebs| Date: Thu, 14 Dec 2023 17:51:39 +0000

On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string “Rescator,” which also was the handle chosen by the cybercriminal who was selling all of the cards stolen from Target customers. Ten years later, KrebsOnSecurity has uncovered new clues about the real-life identity of Rescator.

Independent Krebs Security

Who’s Behind the SWAT USA Reshipping Service?

November 6, 2023 0 Comments A Little Sunshine, apathyp, apathyr8@jabber.ccc.de, Breadcrumbs, constella intelligence, gezze@mail.ru, gezze@yandex.ru, intel 471, ivan sherban, mynetwatchman, Ne'er-Do-Well News, swat usa drop service, triploo@mail.ru, universalo, verified, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 06 Nov 2023 13:51:31 +0000

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity left behind by “Fearless,” the nickname chosen by the proprietor of the SWAT USA Drops service.

Independent Krebs Security

A Closer Look at the Snatch Data Ransom Group

September 30, 2023 0 Comments Breadcrumbs, cisa, constella intelligence, databreaches.net, FBI, flashpoint, Ne'er-Do-Well News, perchatka, Ransomware, semen7907, semyon tretyakov, snatch ransomware, snatch team, tretyakov-files@yandex.ru

Credit to Author: BrianKrebs| Date: Sat, 30 Sep 2023 19:47:57 +0000

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

Independent Krebs Security

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

September 27, 2023 0 Comments @htmalgae, 8base ransomware, atomicstealer, Breadcrumbs, Data Breaches, domaintools.com, google.com, malwarebytes, microsoft teams, mihail kolesnikov, Ne'er-Do-Well News, Ransomware, rilide, trustwave spiderlabs

Credit to Author: BrianKrebs| Date: Wed, 27 Sep 2023 11:48:37 +0000

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.

Independent Krebs Security

Karma Catches Up to Global Phishing Service 16Shop

August 17, 2023 0 Comments 16shop, Akamai, bandungxploiter, Breadcrumbs, constella intelligence, cyberthread.id, devilscream, FBI, interpol, mcafee, Ne'er-Do-Well News, riswanda noor supatra, rizky mauluna sidik, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 17 Aug 2023 19:58:56 +0000

You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you. Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor and one of his alleged facilitators, and that a third suspect was apprehended in Japan.

Independent Krebs Security

Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’

August 8, 2023 0 Comments #chatgpt, A Little Sunshine, arctic stealer, Breadcrumbs, daniel kelley, dcrat, google bard, Hackforums, large language models, llms, rafael morais, ruiunashackers, The Coming Storm, wormgpt

Credit to Author: BrianKrebs| Date: Tue, 08 Aug 2023 17:37:23 +0000

WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to help write malicious software without all the pesky prohibitions on such activity enforced by ChatGPT and Google Bard, has started adding restrictions on how the service can be used. Faced with customers trying to use WormGPT to create ransomware and phishing scams, the 23-year-old Portuguese programmer who created the project now says his service is slowly morphing into “a more controlled environment.” The large language models (LLMs) made by ChatGPT parent OpenAI or Google or Microsoft all have various safety measures designed to prevent people from abusing them for nefarious purposes — such as creating malware or hate speech. In contrast, WormGPT has promoted itself as a new LLM that was created specifically for cybercrime activities.

Independent Krebs Security

Who’s Behind the DomainNetworks Snail Mail Scam?

July 3, 2023 0 Comments A Little Sunshine, better business bureau, Breadcrumbs, constella intelligence, distributorinvoice@mail.com, domainnetworks, domaintools, eliran benz, houzz, publicwww, sam alon, shenhavgroup@gmail.com, shmuel orit alon, tropicglobal@gmail.com, ubsagency@gmail.com, united business service, united business services, us domain authority llc, weblistingsinc.net, whmcs.com

Credit to Author: BrianKrebs| Date: Mon, 03 Jul 2023 14:56:35 +0000

If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about who may be behind it.

Independent Krebs Security

Why Malware Crypting Services Deserve More Scrutiny

June 21, 2023 0 Comments +7.9235059268, Breadcrumbs, cdek, constella intelligence, crypt[.]guru, gumboldt@gmail.com, intel 471, kerens, kolumb, masscrypt@exploit.im, Ne'er-Do-Well News, obelisk57@gmail.com, pepyak@gmail.com, sergey y purtov, sergey yurievich purtov, spurtov@gmail.com, vip crypt, Web Fraud 2.0, Сергей Юрьевич Пуртов

Credit to Author: BrianKrebs| Date: Wed, 21 Jun 2023 18:39:36 +0000

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Independent Krebs Security

Ask Fitis, the Bear: Real Crooks Sign Their Malware

June 1, 2023 0 Comments 165540027, 774748@gmail.com, akafitis@gmail.com, Breadcrumbs, code-signing certificates, constella intelligence, domaintools.com, featar24, fitis, flashpoint, glavmed, intel 471, konstantin evgenievich fetisov, megatraffer, Ne'er-Do-Well News, o.r.z., spamit, spampage@yandex.ru

Credit to Author: BrianKrebs| Date: Thu, 01 Jun 2023 16:15:34 +0000

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.

Independent Krebs Security

Discord Admins Hacked by Malicious Bookmarks

May 30, 2023 0 Comments aura network, berk yilmaz, bookmarklets, Breadcrumbs, Latest Warnings, levatax, metrixcoin, nahmii, nicholas scavuzzo, ocean protocol, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 31 May 2023 00:19:17 +0000

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark.